Defend against users sharing .htaccess passwords
06-20-2005, 04:16 PM
Post: #1
Since there is no Iprotect anymore (boo hoo), I decided to write a simple PHP function for all who need a quick solution to people sharing out their passwords and killing your bandwidth limits.

Here goes (please pardon my lack of coding etiquette... I did this as quick as I could):

1 - Change the config variables to suit your environment.
2 - Call the following function, checkUserIsAlreayLoggedIn(), at the top of all your protected PHP pages.

function checkUserIsAlreayLoggedIn(){
    // Config Variables
    // Change this line to the path and filename of your users file.
    $s_pathToUsersFile = ".users.txt";
    // location of shared password page :: Fully Qualified is best
    $s_userAlreadyLoggedInURL = "";

    // INIT variables :
    // HINT: b_ = boolean, s_ = string, i_ = int, h_ = file handle, a_ = array
    $b_userIsFound = false; $b_passwordIsShared = false;
    $i_timeout = 30*60; // 30min*60sec = 1800 sec

    // Let's Go.
    // Read the current rows (one per user: name, IP, time of last request),
    // then reopen the file for writing so each row can be put back.
    $a_lines = is_file($s_pathToUsersFile) ? file($s_pathToUsersFile) : array();
    $h_newFile = fopen($s_pathToUsersFile, "w");

    // compare the time to now;
    // if ip is same
    //     update the row
    // if IP is different... send them an error page.

    foreach($a_lines as $line){
        $userinfo = sscanf($line, "%s\t%s\t%s\n");
        list ($theName, $theIp, $theTime) = $userinfo;
        if ($theName==$_SERVER['REMOTE_USER']){
            $b_userIsFound = true;
            // check IP address is same as last req
            if ($theIp == $_SERVER['REMOTE_ADDR']){
                // update the time in $line;
                $line = $theName."\t".$theIp."\t".time()."\n";
            }
            else {
                // oh no....its a different ip
                // lets check the time of last req
                if ((time()-(int)$theTime)>$i_timeout){
                    // timeout has occurred...its safe to update the time in $line
                    // (store the new IP so the next request from it matches this row)
                    $line = $theName."\t".$_SERVER['REMOTE_ADDR']."\t".time()."\n";
                }
                else {
                    // ip address is different and user has logged in without timeout occurring!!!
                    $b_passwordIsShared = true;
                }
            }
        }
        fputs($h_newFile,$line); //place $line back in file
    }

    if ($b_userIsFound==false){
        // first request from this user: add a new row for them
        $line = $_SERVER['REMOTE_USER']."\t".$_SERVER['REMOTE_ADDR']."\t".time()."\n";
        fputs($h_newFile,$line);
    }
    fclose($h_newFile);

    if ($b_passwordIsShared==true){
        header("Location: $s_userAlreadyLoggedInURL"); /* Redirect browser */
        /* Make sure that code below does not get executed when we redirect. */
        exit;
    }
}
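The same rule applied after the fact to an Apache access log, as an added example that is not part of the original post: it reports each request that arrived from a different IP than the one last recorded for that user before the 30-minute timeout expired. The function name findSharedLogins, the log layout (common/combined format, with the authenticated user in the third field) and the sample lines are assumptions constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumes Apache common/combined log
// format, where the third field (%u) is the user set by .htaccess Basic auth.

function findSharedLogins(array $logLines, int $timeout = 1800): array {
    $last = [];      // user => [ip, unix time of last accepted request]
    $findings = [];  // one entry per request the post's function would redirect
    foreach ($logLines as $line) {
        if (!preg_match('/^(\S+) \S+ (\S+) \[([^\]]+)\]/', $line, $m)) {
            continue; // not a log line in the assumed format
        }
        list(, $ip, $user, $stamp) = $m;
        if ($user === '-') {
            continue; // unauthenticated request, nothing to compare
        }
        $dt = DateTime::createFromFormat('d/M/Y:H:i:s O', $stamp);
        if ($dt === false) {
            continue; // unparseable timestamp
        }
        $t = $dt->getTimestamp();
        if (isset($last[$user]) && $last[$user][0] !== $ip
                && ($t - $last[$user][1]) <= $timeout) {
            // Different IP before the timeout expired: same verdict as the post's function.
            $findings[] = ['user' => $user, 'seen_ip' => $last[$user][0],
                           'new_ip' => $ip, 'time' => $stamp];
            continue; // keep the recorded row unchanged, as the post does
        }
        $last[$user] = [$ip, $t]; // same IP, new user, or timeout passed
    }
    return $findings;
}

// Constructed sample lines (documentation IP ranges, made-up users).
$sample = [
    '192.0.2.10 - alice [27/Nov/2015:04:00:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '192.0.2.10 - alice [27/Nov/2015:04:05:00 +0000] "GET /members/a.jpg HTTP/1.1" 200 9021',
    '198.51.100.7 - alice [27/Nov/2015:04:10:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '203.0.113.5 - bob [27/Nov/2015:04:00:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '203.0.113.99 - bob [27/Nov/2015:05:00:00 +0000] "GET /members/ HTTP/1.1" 200 512',
    '192.0.2.44 - - [27/Nov/2015:05:01:00 +0000] "GET / HTTP/1.1" 200 1024',
];

foreach (findSharedLogins($sample) as $f) {
    echo "{$f['user']}: {$f['new_ip']} at {$f['time']} while {$f['seen_ip']} was active\n";
}
```

Users behind carrier NAT or rotating proxies change IP legitimately, so findings from a run like this are candidates for review.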